xurl
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill suggests an installation method using `curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash`. This pattern is dangerous as it executes unverified code from a third-party repository directly in the shell.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing the `xurl` CLI tool from an external GitHub repository (github.com/xdevplatform/xurl) and via NPM (@xdevplatform/xurl).
- [COMMAND_EXECUTION]: The skill is designed to run the `xurl` CLI utility. It maps user requests to shell commands, which presents a risk of command injection if arguments are not properly handled, although it primarily uses defined subcommands.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from the X API (e.g., via `search`, `mentions`, and `read`).
  - Ingestion points: Data enters the context via `xurl search`, `xurl mentions`, `xurl read`, and `xurl timeline` in `SKILL.md`.
  - Boundary markers: None identified; the agent is not explicitly told to ignore instructions embedded in the API responses.
  - Capability inventory: The skill can perform numerous write actions on X (post, reply, delete, DM) and manage application credentials via the `xurl` CLI.
  - Sanitization: No sanitization of the retrieved API data is specified.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata